"Don't panic. At present, the long-range attack against the aircraft is theoretically limited to disabling on-board Wi Fi and affecting non secure satellite communication, which can't cause any substantial damage to the aircraft's control system.
Black hat 2018 has come to an end. We can see the research results released by leaders in different fields. All the research is very valuable, but what makes Xiaobian bright (worried) is the research results of Ruben santamarta from ioactive team on satellite communication system (SATCOM). His research results show that satellite communication systems used in shipping, aviation and military fields are vulnerable to network attacks, and users all over the world can not completely avoid risks.
As early as black hat 2014, Ruben showed some proof of concept attacks on satcom system. Four years later, his new research proved that these attacks were feasible in reality.
aviation
During a flight trip, Ruben studied the on-board Wi Fi system. Through the passively collected traffic data, it can be seen that some common services (such as Telnet, HTTP and FTP) contain some IP addresses, and some modems related to aircraft airborne satellite communication (satellite communication) can be accessed without authentication. The example he cited here is the on-board Wi Fi system of Norwegian airlines.
The IP assigned to the passenger device looks like a redirectable IP address:
A network scan from an external host can be observed here:
The network scanning results show that multiple IPS can use common services such as Telnet, WWW and FTP.
Even without authentication, the web interface can be accessed from the ground:
Hx200 is a high-performance satellite router designed to provide high bandwidth satellite IP connection services based on IP dynamic allocation. Although there is little information available on this page, access to this page has proved the seriousness of the problem.
In addition, Ruben found various types of vulnerabilities after in-depth research, including insecure protocols, backdoors and wrong configurations, which enable hackers to attack and control the affected devices. In this way, hackers can attack flying aircraft from the ground through the aviation satellite link, and intercept and destroy non secure communications including airborne public Wi Fi.
At the same time, some Internet of things malware not targeting aircraft will also bring risks, such as gafgyt IOT Botnet, which exploits vulnerabilities in Internet of things devices. Researchers found that the malware infected a ground router connected to an aircraft satellite communication terminal. Although there is no indication that the malware is aimed at the airborne Satcom modem, the botnet does inadvertently carry out a network attack on the airborne equipment.
Fortunately, there is a strict isolation mechanism between various systems on the aircraft. The long-range attack on the aircraft satellite communication equipment will not take over the aircraft control, which will directly cause flight safety risks. However, hackers can still intercept or modify Wi Fi traffic in flight and hijack the equipment of passengers and crew.
Maritime and military
In addition to the vulnerabilities of airborne Wi Fi systems, Ruben disclosed the risks faced in the maritime and military fields, but did not give specific details, because the relevant vulnerabilities are very important for people who rely on these systems and related to life safety.
Ruben said that in the situation where maritime and military satellite communication must be used, the relevant loopholes allow him to change the antenna position or antenna configuration to affect the navigation system, resulting in the crew on the ship without reliable navigation system support and can only float aimlessly at sea.
As for the military satcom system, Ruben said that the precise GPS coordinates of the ground antenna can be extracted through the loophole of the satellite communication system to obtain the location of military facilities and destroy communication. This poses an obvious security risk to military personnel.
Such attacks can also affect the antennas installed on ships and military facilities. The "network physical attack" is carried out by configuring the transmission power of the antenna, which is sufficient to have an adverse impact on biological and electronic equipment.
summary
Ioactive has disclosed the investigation results to the affected suppliers and organizations (such as US-CERT and ics-cert). Although the above airlines and some affected equipment manufacturers have taken measures to solve these problems, some organizations and enterprises are not open to cooperation. It is very difficult to completely solve these problems. Satcom equipment is very expensive, and it is difficult to repair or replace it mechanically installed on aircraft, ships and military equipment.
Meanwhile, given the sensitivity of this information, Ruben will not release details that can help carry out malicious attacks at one time.
Original address: https://www.eeboard.com/news/blackhat-2018-satcom-leak/
Search "aiban.com" and pay more attention. You can master the latest development board, intelligent hardware, open source hardware, activities and other information every day. Recommend attention!
[wechat scanning can be followed directly]“
Our other product:
